Hacker group found in China, linked to big cyberattacks: Symantec

Published September 17, 2013
The for-hire hacker group is linked to attacks on Google and Adobe, amongst others. — Reuters Photo

Boston - Computer security experts have discovered a group of highly sophisticated computer hackers operating for hire, a US computer security firm said on Tuesday, and it linked the group to some of the best-known cyber-espionage attacks out of China in recent years.

Symantec Corp said the hacker group, which it dubbed "Hidden Lynx," was among the most technically advanced of several dozen groups believed to be running cyber espionage operations out of China. Unlike a previous report by another company, Symantec did not allege Chinese government involvement in the cyberattacks.

Symantec's 28-page report said its researchers believe the Hidden Lynx group may have been involved with the 2009 Operation Aurora attacks, the most well-known cyber espionage campaign uncovered to date against US companies.

In Operation Aurora, hackers attacked Google Inc and dozens of other companies including Adobe Systems Inc. In January 2010, Google disclosed the attacks, in which hackers tried to read Gmail communications of human rights activists and also attempted to access and change source code at targeted companies.

Symantec researcher Liam O'Murchu said his firm was unable to determine which individuals were behind Hidden Lynx or if it was linked to the Chinese government.

A separate study, released in February by the US computer security firm Mandiant, said a secretive unit of the Chinese military was engaged in cyber espionage on American companies. Beijing vehemently denied the accusations in that document, which contained photos of the building that Mandiant alleged was the unit's headquarters.

Symantec believes the group is based in China, O'Murchu said, because much of the infrastructure used to run the attacks is based there and because the malicious software was written using Chinese tools and with Chinese code.

The Symantec report also provides new details about who is behind several recent attacks, including a breach at cyber security firm Bit9 and follow-on attacks at three Bit9 clients.

It also connects Hidden Lynx to a major campaign dubbed Voho, which was discovered last year by the security firm RSA, which is owned by EMC Corp. Voho targeted hundreds of organizations including financial firms, technology and healthcare companies, defense contractors and government agencies.

Symantec described the Hidden Lynx group as a "professional organization" staffed by between 50 and 100 people with a variety of skills needed to breach networks and exfiltrate data. The arsenal of tools included Trojan Naid and Trojan Moudoor, which the gang use to siphon data from infected computers.

Symantec, which sells software and services to protect corporate and consumer computer systems from cyber attacks like the ones mentioned in the report, said Naid was also used by hackers in Operation Aurora.

The Hidden Lynx hackers "were either responsible for the Aurora attack or were working in conjunction with the Aurora attackers," O'Murchu said.
